I have this Wireshark file with a list of traffic. I want to find the maximum segment size of a TCP segment but I can't find it. I saw online that this is normally found when you expand the TCP line and look under the "Options" line, but I can't seem to find the Options line; all it has under TCP is "Flags", "Checksum", and "SEQ/ACK Analysis".

asked 06 May '12, 23:29 JenniferJ88
One Answer:
You can find the MSS option only in the SYN and SYN/ACK packets. They are set once and will be used for the whole session.

answered 06 May '12, 23:54 SYN-bit ♦♦
Ya it's a SYN packet but there's still no MSS option...
it only has the window size, but I guess that's not the MSS...
Then an MSS is not advertised, which means both sides will base the MSS on the MTU of the link they use for sending the traffic.
Assuming both systems are connected by Ethernet, they will use 1500 minus the IP header length minus the TCP header length. So when no additional IP and TCP options are used, they will use an MSS of 1500 - 20 - 20 = 1460.
So is there a way to find the MTU in Wireshark traces?
Only by deducing it from the maximum packet length found in a TCP session. The actual MTU value is not sent.
@ SYN-Bit: You gotta be careful about that -> I have seen systems using a fallback MSS of 536 (576 min. MTU -20 -20) when no MSS is found in TCP options during handshake
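
The check discussed in this thread, as an added example that is not part of the original posts: it walks the options of a raw TCP header looking for the MSS option (kind 2) and, when none is advertised, prints the two values mentioned above (MTU minus headers for Ethernet, and for the 576-byte minimum MTU). The function names and the sample headers are constructed for illustration.

```python
import struct

def tcp_mss_option(tcp_header: bytes):
    """Return the MSS advertised in a raw TCP header, or None if absent."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    header_len = (tcp_header[12] >> 4) * 4      # data offset, in bytes
    if header_len < 20 or header_len > len(tcp_header):
        raise ValueError("bad data offset")
    if not tcp_header[13] & 0x02:               # MSS only appears on SYN / SYN-ACK
        return None
    opts, i = tcp_header[20:header_len], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                           # End of Option List
            break
        if kind == 1:                           # No-Operation: single padding byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        if kind == 2 and opts[i + 1] == 4:      # MSS: kind 2, length 4, 16-bit value
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += opts[i + 1]
    return None

def mss_from_mtu(mtu, ip_header_len=20, tcp_header_len=20):
    """MSS implied by a link MTU when no IP or TCP options are used."""
    return mtu - ip_header_len - tcp_header_len

def build_header(options=b"", flags=0x02):
    """Constructed sample header (ports, sequence number and window are made up)."""
    offset = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 49152, 80, 1000, 0,
                       offset << 4, flags, 65535, 0, 0) + options

# Constructed samples: SYN with NOP, NOP, SACK-permitted, MSS=1460; SYN without options
SYN_WITH_MSS = build_header(bytes([1, 1, 4, 2, 2, 4, 0x05, 0xB4]))
SYN_NO_MSS = build_header()

if __name__ == "__main__":
    for name, hdr in (("with MSS", SYN_WITH_MSS), ("no MSS", SYN_NO_MSS)):
        mss = tcp_mss_option(hdr)
        if mss is None:
            print(name, "-> not advertised; Ethernet MTU gives", mss_from_mtu(1500),
                  "and a 576-byte MTU gives", mss_from_mtu(576))
        else:
            print(name, "-> advertised MSS", mss)
```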